Based on your customer IAM use cases, you can optionally offer users the opportunity to confirm the ownership of the email address associated with their accounts. This configuration can be configured on a per-local identity profile basis.
When you enable these settings, PingFederate generates a notification message for email ownership verification as the user submits the registration request. The email-verification message is valid for a configurable amount of time, 24 hours by default. If the user cannot find the previously sent message, the user can request another one by accessing the email ownership verification endpoint. Moreover, if profile management is enabled, the profile management page displays a reminder until the user verifies the associated email address as well. Like other local identity fields, the email verification status is stored in the directory and can be relayed to the applicable target applications through identity provider (IdP) authentication policies.
- Go to .
On the Email Verification tab, select the Enable
Email Ownership Verification check box to offer users the opportunity
to verify the email address associated with their accounts.
The Email Verification tab appears only when you select the Enable Registration check box or the Enable Profile Management check box on the Profile Info tab.
The Enable Email Ownership Verificationcheck box is not selected by default.Note:
The rest of the steps apply only if you select to enable email ownership verification.
In the Email Address Field list, select a field.
The field value represents the recipient of the verification message.
Only fields that use the Email or Text input control are eligible and shown.
In the Ownership Status Field list, select a field.
The field value represents the email ownership verification status. PingFederate sets the value to
falsein the directory when it receives a new or an updated email address from the user. After the user verifies the email ownership, PingFederate sets the value to
Only fields that use the Hidden input control are eligible and shown.
To modify the longevity of the link in the email-verification message, update the
One-Time Link Lifetime field.
The default value is
1440in minutes, 24 hours.
To use different template files for various events, update the applicable template
These templates are only applicable when using an SMTP Notification Publisher instance to deliver email-verification messages.
The following table shows the default template fields and their corresponding values.
Template field Default value Email Template message-template-email-ownership-verification.html Sent Template local.identity.email.verification.sent.html Success Template local.identity.email.verification.success.html Error Template local.identity.email.verification.error.htmlNote:
You can find the email template file in the <pf_install>/pingfederate/server/default/conf/template/mail-notifications directory and the other templates in the template directory.
In the Notification Publisher list, select an
If you haven't yet configured the desired notification publisher instance, click Manage Notification Publishers.
To require users to verify their email address before they can access any connected
applications, select the Require Verified Email check box and
specify a template in the Require Verified Email Template
When enabled, users can sign on to their local identity profile and manage their account but PingFederate blocks them from accessing any connected applications until they have successfully verified their email address.Note:
The Require Verified Email Template field appears only when you select the Require Verified Email check box.
By default, the Require Verified Email Template value is local.identity.email.verification.required.html and provides options to Resend the verification email, Continue, or Cancel.Tip:
To add a Manage Profile option, select the Enable Profile Management check box as described in step 4 of Configuring local identity profile information.
- Click Next.